The Next Generation Of Genealogy Sitebuilding SQL Injection

========================================================================================== The Next Generation of Genealogy Sitebuilding SQL Injection Vulnerability ==========================================================================================...

CVE-2017-10949

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459...

CVE-2017-7899

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00...

Evolution Script CMS 5.3 XSS Vulnerability

Evolution Script CMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Composr CMS v10.0.0 XSS Vulnerability

Composr CMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:composr:cms";...

CVE-2016-3691

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method...

CVE-2017-7626

The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php nart,type in GET Method...

CVE-2017-2613

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records SECURITY-406...

Caregiver Script 2.57 SQL Injection

Exploit Title: Caregiver Script v2.57 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...

Caregiver Script 2.57 - SQL Injection

Exploit Title: Caregiver Script v2.57 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...

Maian Weblog 4.0 - SQL Injection

Maian Weblog 4.0 - SQL Injection Introduction Exploit Title: Maian Weblog – SQL Injection Date: 27.01.2017 Vendor Homepage: http://www.maianweblog.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Simple blog system...

Openexpert 0.5.17 - area_id SQL Injection

Openexpert 0.5.17 - areaid SQL Injection Title : Openexpert 0.5.17 - Sql Injection Author: Nassim Asrir Author Company: Henceforth Tested on: Winxp sp3 - win7 Vendor: https://sourceforge.net/projects/law-expert/ Download Software: https://sourceforge.net/projects/law-expert/files/ About The Produ...

Joomla com_blog_calendar SQL injection vulnerability

A SQL Injection Vulnerability has been discovered in the Joomla Module called comblogcalendar. The Vulnerability is located in the index.php?option=comblogcalendar&modid=xxx Parameter. Attackers are able to execute own SQL commands by usage of a GET Method Request with manipulated modid Value...

Schoolhos CMS v2.29 - userberita SQL injection Vulnerability

Document Title: =============== Schoolhos CMS v2.29 - userberita SQL injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1932 Release Date: ============= 2016-11-22 Vulnerability Laboratory ID VL-ID: ==================================...

Mini Notice Board 1.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications mininoticeboardv1.1 XSS Vulnerabilities ========================================= Discovered by NA, NAattutanota.com ======================================= Vendor has been notified Description ============ Mini Notice Board is a small...

Event Calendar PHP 1.5 SQL Injection

===================================================== Event Calendar PHP 1.5 - SQL Injection ===================================================== Vendor Homepage: http://eventcalendarphp.com/ Date: 21 Oct 2016 Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php Version : 1.5 Platform...

Simple Forum PHP 2.4 - SQL Injection

Simple Forum PHP 2.4 - SQL Injection ===================================================== Simple Forum PHP 2.4 - SQL Injection ===================================================== Vendor Homepage: http://simpleforumphp.com Date: 14 Oct 2016 Demo Link : http://simpleforumphp.com/forum/admin.php...

PHPCollab CMS 2.5 - (emailusers.php) SQL Injection

Exploit for php platform in category web applications Document Title: =============== phpCollab v2.5 CMS - SQL Injection Vulnerability Product & Service Introduction: =============================== phpCollab is an open source internet-enabled system for use in projects that require collaboration...

phpCollab v2.5 CMS - SQL Injection Vulnerability

Document Title: =============== phpCollab v2.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1898 Release Date: ============= 2016-08-07 Vulnerability Laboratory ID VL-ID: ==================================== 1898 Comm...

DornCMS v1.4 - (FileManager) Persistent XSS Vulnerability

Document Title: =============== DornCMS v1.4 - FileManager Persistent XSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1885 Release Date: ============= 2016-07-26 Vulnerability Laboratory ID VL-ID: ==================================== 18...